<?php

require 'vars.php';
require 'functs.php';

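// Options update handler: applies the display, e-mail or password form posted
// by the logged-in user to their row in `featherchat_users`.
//
// The form is selected by a query-string flag (?display, ?email, ?password,
// ?system) and the values arrive in $_POST. Every request value is untrusted
// and is escaped or normalised before it is placed in SQL text.
//
// NOTE(review): mysql_real_escape_string() is only reliable when the
// connection character set was set through the API (mysql_set_charset) --
// confirm in MySQL_go(). The ext/mysql API used here was removed in PHP 7;
// prepared statements via mysqli or PDO are the durable fix.
// NOTE(review): no anti-CSRF token is checked in this file; confirm that
// Authenticate() or the calling forms cover it.
Authenticate();

require 'config.mysql.php';

$link = MySQL_go($mysql_server, $mysql_user, $mysql_pass);
MySQL_set_db($link, $mysql_db);

// Automatically forward home, except for password changes -- the user needs
// to see the result. Execution deliberately continues after the header so
// that the update below still runs.
if (!isset($_GET['password'])) {
	header("Location: index.php#bot");
}

// The session user name ends up in SQL text as well, so it is escaped once
// here and reused for every statement.
$user = mysql_real_escape_string(isset($_SESSION['user']) ? (string) $_SESSION['user'] : '');

$setclause = '';	// column assignments for the UPDATE; stays empty when nothing is to be saved
$notice = '';		// success text, printed only after the UPDATE has actually run

if (isset($_GET['display'])) {
	$showtime = (isset($_POST['showtime']) && $_POST['showtime'] === 'on') ? 1 : 0;

	// Don't allow nonexistent timezones: non-numeric input becomes 0 and the
	// value is clamped to the range -12..12.
	$timezone = (isset($_POST['timezone']) && is_numeric($_POST['timezone'])) ? $_POST['timezone'] + 0 : 0;
	if ($timezone < -12) {
		$timezone = -12;
	} elseif ($timezone > 12) {
		$timezone = 12;
	}

	$clean = array();
	foreach (array('history', 'histmin', 'refresh') as $field) {
		// Array-valued parameters (history[]=x) are treated as empty.
		$raw = (isset($_POST[$field]) && is_scalar($_POST[$field])) ? (string) $_POST[$field] : '';
		$clean[$field] = mysql_real_escape_string($raw);
	}

	$setclause = " `history` = '".$clean['history']."',`histmin` = '".$clean['histmin']."',`refresh` = '".$clean['refresh']."',`timezone` = '".$timezone."',`showtime` = '".$showtime."'";
}
elseif (isset($_GET['email'])) {
	$emailnot = (isset($_POST['emailnot']) && $_POST['emailnot'] === 'on') ? 1 : 0;

	$clean = array();
	foreach (array('email', 'emailtime') as $field) {
		$raw = (isset($_POST[$field]) && is_scalar($_POST[$field])) ? (string) $_POST[$field] : '';
		$clean[$field] = mysql_real_escape_string($raw);
	}

	$setclause = "	`email` = '".$clean['email']."',`emailnot` = '".$emailnot."',`emailtime` = '".$clean['emailtime']."'";
}
elseif (isset($_GET['password'])) {
	// Only plain strings are accepted; an array-valued parameter counts as blank.
	$oldpass  = (isset($_POST['oldpass'])  && is_string($_POST['oldpass']))  ? $_POST['oldpass']  : '';
	$newpass1 = (isset($_POST['newpass1']) && is_string($_POST['newpass1'])) ? $_POST['newpass1'] : '';
	$newpass2 = (isset($_POST['newpass2']) && is_string($_POST['newpass2'])) ? $_POST['newpass2'] : '';

	if (!empty($oldpass) && !empty($newpass1) && !empty($newpass2)) {
		$checkoldpasssql = "SELECT `pass` FROM `featherchat_users` WHERE `name` = '".$user."'";
		$result = mysql_query($checkoldpasssql) or die ("Unable to find password for user.");
		if (mysql_num_rows($result) < 1) {
			// mysql_result() on an empty result set only warns and returns false.
			die ("Unable to find password for user.");
		}
		$checkoldpass = mysql_result($result, 0);

		// NOTE(review): passwords are stored as unsalted MD5, which is cheap to
		// brute-force offline. Moving to password_hash()/password_verify() needs
		// a coordinated change with the login code and the stored hashes, so it
		// is flagged here rather than changed.
		//
		// Strict comparison: with == / != PHP compares two numeric-looking
		// strings as numbers, so different "0e<digits>" hashes, or the
		// passwords "1e3" and "1000", would be treated as equal.
		if (md5($oldpass) !== (string) $checkoldpass) {
			echo "Old password does not match the stored version.";
		}
		elseif ($newpass1 === $newpass2) {
			$setclause = " `pass` = '".md5($newpass1)."'";
			$notice = "Password updated successfully.<br><a href=\"index.php\">Home</a>";
		}
		else { echo "Your two new passwords don't match!"; }
	}
	else { echo "You left something blank."; }
}
elseif (isset($_GET['system'])) {
	// NOTE(review): this statement is built but never executed anywhere in
	// this file. It changes a site-wide setting, so an administrator check
	// must be added before it is wired to mysql_query(); none is visible here.
	$systemTimezone = (isset($_POST['timezone']) && is_scalar($_POST['timezone'])) ? (string) $_POST['timezone'] : '';
	$updatesettingssql = "UPDATE `featherchat_settings`	SET `timezone` = '".mysql_real_escape_string($systemTimezone)."'";
}

// Run the UPDATE only when a branch produced assignments. A rejected password
// change, the ?system form or a request without a known flag would otherwise
// send "UPDATE ... SET  WHERE ..." and die with a misleading error.
if ($setclause !== '') {
	$sendstring = "UPDATE `featherchat_users` SET ".$setclause." WHERE `name` = '".$user."'";
	mysql_query($sendstring) or die ("Unable to update options.");
	echo $notice;
}

mysql_close($link);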

?>